Thank you very much Florian. I will use fib type local as a replacement.

Serguei

On 2019-08-22, 10:20 AM, "Florian Westphal" <fw@xxxxxxxxx> wrote:

    Serguei Bezverkhi (sbezverk) <sbezverk@xxxxxxxxx> wrote:
    > Hello,
    >
    > I am trying to find an equivalent nft command for the following iptables command. Specifically "physdev" and "addrtype", I could not find so far, some help would be very appreciated.

    > -m physdev ! --physdev-is-in

    This has no equivalent.

    The rule above matches when 'call-iptables' sysctl is enabled and the
    packet did not enter via a bridge interface.
    So, it's only false when it did enter via a bridge interface.

    In case the sysctl is off, the rule always matches and can be omitted.

    nftables currently assumes that call-iptables is off, and that bridges
    have their own filter rules in the netdev and/or bridge families.

    inet/ip/ip6 are assumed to only see packets that are routed by the ip
    stack.

    > -m addrtype ! --src-type LOCAL

    fib saddr type != local
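
Added example, not part of either poster's message: a minimal ruleset sketch of the split described in the reply, with the addrtype match translated in a routed-traffic table and bridged frames handled in a separate bridge-family table. The table names, chain names, hooks and the `counter` statements are illustrative assumptions, since the original iptables rule and its target are not shown in the thread.

```nftables
# Added example; table/chain names and hooks are illustrative assumptions.

# Routed traffic: inet (like ip/ip6) is assumed to see only packets routed
# by the IP stack, so "-m physdev ! --physdev-is-in" is omitted, not translated.
table inet example_routed {
    chain prerouting {
        type filter hook prerouting priority 0; policy accept;

        # iptables: -m addrtype ! --src-type LOCAL
        # "counter" stands in for the original rule's target, which is
        # not given in the thread.
        fib saddr type != local counter
    }
}

# Bridged traffic: gets its own rules in the bridge family instead of
# being passed through the IP-layer chains via call-iptables.
table bridge example_bridged {
    chain forward {
        type filter hook forward priority 0; policy accept;

        # Constructed placeholder rule: count bridged IPv4 frames.
        ether type ip counter
    }
}
```

The syntax can be checked without loading anything by saving the ruleset to a file and running `nft -c -f` on it.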